If someone is walking around your organization with t-shirt that says “Bow before me, for I am root.,” then you will have a big problem on your hands when the auditors come around or if a hacker decides to target your company for theft or cyber sabotage.
Regardless of your career as a security researcher, penetration tester, technical writer or sales person, you probably have a few utilities on your computer that are a “must have” for daily operations. Some of them are probably unique to your position like a port scanner and others more generic like a file compression utility. Everyone…
In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format. So without further fanfare or wasted space… the Top 10 Reasons to Implement Least Privilege for Virtualized Servers are:
I have been combing though some vulnerability reports and the vast majority of remediation strategies revolve around applying a patch. Simple in concept; install this patch, and the vulnerability is mitigated. The difficulty arises when you have vast quantities of the patch to deploy, are unsure whether the security update breaks any other function or…
The internet has been buzzing with news of political change in the UK, where consumers are demanding US-like fines, regulations and notification rules regarding data breaches. Earlier this month Network World reported the Information Commissioner fined two organizations 160,000 pounds in two of their first fines for “serious” data breaches. Yet despite the new fines, consumers in the UK still want more protections and disclosure rules, so says 5,000 UK consumers in one survey.
If you have not read the Verizon 2010 Data Breach Investigations Report (a study conducted by the Verizon RISK Team in cooperation with the United States Secret Service), it is time to download and read this report and give it some attention. This report is comprehensive and is of great value for IT security specialists. The information is an eye-opener and guides management in the correct direction when trying to find the best solution to secure their IT infrastructure.
How much press will we have to endure on the significant problems created by WikiLeaks and the public lynching of those who perpetrate these leaks before we realize that if you give someone an inch (excessive admin rights) they will take a mile (misuse that privilege)?
Kevin Hickey, CEO of eEye Digital Security, addresses customers, partners, and prospects with a year-end review of 2010. First, he announces the launch of the new Retina CS 2.0 solution and covers what eEye promised at the beginning of the year and what they delivered, then introduces you to where the company is headed in…
The trial of a former Goldman Sachs programmer accused of stealing source code to take to a competitor has begun in somewhat of a public spectacle. The Wall Street Journal unveiled some particularly interesting details. For example, the programmer was one of the highest paid in the company with a $400,000 annual salary, but competitor Teza Technologies offered him over $1 million in total pay including a $700,000 bonus.